diff options
| author | Greg Hudson <ghudson@mit.edu> | 2010-10-05 14:53:09 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2010-10-05 14:53:09 +0000 |
| commit | 96f2a016991c199be477b6abd48824ec1cb6641f (patch) | |
| tree | c1d70a4b27bf8befad040b06c4831e842506fd51 /src/tests | |
| parent | 0ce5cb2e9dc040f35a91bca8dcad68d10ed7ea8a (diff) | |
| download | krb5-96f2a016991c199be477b6abd48824ec1cb6641f.tar.gz krb5-96f2a016991c199be477b6abd48824ec1cb6641f.tar.xz krb5-96f2a016991c199be477b6abd48824ec1cb6641f.zip | |
Propagate modprinc -unlock from master to slave KDCs
Create a new tl-data type to hold the time of the last administrative
unlock, and factor it into decisions about account lockout. Since
tl-data values are propagated from master to slave, this will cause
modprinc -unlock operations to reach slave KDCs on the next
propagation.
ticket: 6795
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/tests')
| -rw-r--r-- | src/tests/t_lockout.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/tests/t_lockout.py b/src/tests/t_lockout.py index 3d08fbc56..bd33a9506 100644 --- a/src/tests/t_lockout.py +++ b/src/tests/t_lockout.py @@ -23,7 +23,7 @@ #!/usr/bin/python from k5test import * -realm = K5Realm(create_host=False) +realm = K5Realm(create_host=False, start_kadmind=False) realm.run_kadminl('addpol -maxfailure 2 -failurecountinterval 5m lockout') realm.run_kadminl('modprinc +requires_preauth -policy lockout user') @@ -44,5 +44,9 @@ if 'Clients credentials have been revoked while getting initial credentials' \ not in output: fail('Expected lockout error message not seen in kinit output') +# Check that modprinc -unlock allows a further attempt. +output = realm.run_kadminl('modprinc -unlock user') +realm.kinit(realm.user_princ, password('user')) + success('Account lockout.') |